If you use a fitness tracker to monitor your activities, you probably never think about the consequences of letting the device and its app have access to your movements. For most people it has become second nature to just turn on the GPS when jogging, biking, or doing any other activity around home or work. Earlier this year, Strava users got a rude wake-up call when it was revealed that use of the app was putting military bases and personnel at risk. Now, investigative site Bellingcat has released an article stating that the Polar fitness tracker is an even worse security risk.

The Polar app is similar to the Strava app in that it has made heat maps accessible to the public, exposing military locations and even the residences of military personnel, if you know what to look for (and hackers always know what to look for). What makes Polar worse is that anyone with basic hacking skills will be able to find specific users, analyze their walks and runs, and determine where they live and where they walk. The website itself is very easy to scrape, and you won’t even have to hack into their system because almost all the information is public.

Users of Polar fitness trackers and the app don’t normally think about hiding their identity. They pick usernames that are easily identifiable and use photos that actually show them. They can even link their Facebook accounts, which may make it easier for hackers to figure out their habits, the places they like to visit, even passwords, and so on. Those who use fitness trackers also have the habit of turning off the trackers when they get home, which makes it easier to figure out where they live based on the markers.
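One mitigation for the start-and-stop-at-home pattern described above is to strip points near sensitive locations from an exported track before it is shared. The following is an added example, not code from Polar, Strava or Bellingcat; the function names, the 500 m radius and all coordinates are constructed for illustration.

```python
import math

EARTH_RADIUS_M = 6371000.0

def haversine_m(a, b):
    """Great-circle distance in metres between two (lat, lon) pairs in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (a[0], a[1], b[0], b[1]))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(h))

def redact_track(points, protected, radius_m=500.0):
    """Drop every point within radius_m of any protected location.

    Filtering the whole track (not just its ends) also covers sessions
    that pass the protected location mid-route.
    """
    return [p for p in points
            if all(haversine_m(p, z) > radius_m for z in protected)]

def endpoint_exposure(points, protected):
    """Smallest distance (m) from the first or last point to a protected location."""
    if not points or not protected:
        return None
    return min(haversine_m(e, z)
               for e in (points[0], points[-1]) for z in protected)

# Constructed sample: an out-and-back run starting and ending at "home".
# Each 0.001 degree of latitude is roughly 111 m.
HOME = (52.0, 5.0)
OUT = [(round(52.0 + 0.001 * i, 6), 5.0) for i in range(11)]
TRACK = OUT + OUT[-2::-1]          # 21 points: out to 52.010 and back

REDACTED = redact_track(TRACK, [HOME])

if __name__ == "__main__":
    print("points before/after:", len(TRACK), len(REDACTED))
    print("endpoint distance before: %.0f m" % endpoint_exposure(TRACK, [HOME]))
    print("endpoint distance after:  %.0f m" % endpoint_exposure(REDACTED, [HOME]))
```

Centre the protected zone on a point offset from the real address rather than on the address itself, so the trimmed endpoints do not sit at a constant distance from it.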

The bulk of the blame also lies with Polar, because making everything public by default makes access easier for nefarious elements. The company has reportedly started to take action, but it needs to do more. For example, if a user changes their privacy setting from public to followers, the profile still shows the name, photo and location they used when signing up. Likewise, changing the privacy of sessions only affects new ones; all your old sessions are still visible. Polar has also decided to temporarily suspend its explore function, but let’s hope it’s not too late.

With the US military continuing to review its rules on wearable devices for its personnel in light of both the Strava and Polar revelations, the fitness tracker industry will also have to look at what it can do to protect not just military personnel but also the privacy of ordinary individuals. There must be a middle ground between collecting information for private use and keeping that information secure and private.

SOURCE: Bellingcat